c.e.security.jwt.AuthEntryPointJwt : Unauthorized error: Full authentication is required to access this resource

application.properties

server.port=8088

spring.datasource.url=jdbc:postgresql://127.0.0.1:5432/tenant_single_db
spring.datasource.username=postgres
spring.datasource.password=postgres
spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.PostgreSQLDialect
spring.datasource.driver-class-name=org.postgresql.Driver
spring.jpa.hibernate.ddl-auto=update

# Application properties
# https://passwordsgenerator.net/
app.jwtSecret=pXpYPZ8d8FQv7UDepXpYPZ8d8FQv7UDepXpYPZ8d8FQv7UDepXpYPZ8d8FQv7UDepXpYPZ8d8FQv7UDepXpYPZ8d8FQv7UDe
app.jwtExpirationMs=86400000

# swagger-ui custom path. Run ok.
# http://localhost:8088/swagger-ui/index.html
springdoc.swagger-ui.path=/swagger-ui.html
springdoc.packagesToScan=com.example.controller, com.example.controllers

JavaScript
​x
 
server.port=8088​spring.datasource.url=jdbc:postgresql://127.0.0.1:5432/tenant_single_dbspring.datasource.username=postgresspring.datasource.password=postgresspring.jpa.properties.hibernate.dialect=org.hibernate.dialect.PostgreSQLDialectspring.datasource.driver-class-name=org.postgresql.Driverspring.jpa.hibernate.ddl-auto=update​# Application properties# https://passwordsgenerator.net/app.jwtSecret=pXpYPZ8d8FQv7UDepXpYPZ8d8FQv7UDepXpYPZ8d8FQv7UDepXpYPZ8d8FQv7UDepXpYPZ8d8FQv7UDepXpYPZ8d8FQv7UDeapp.jwtExpirationMs=86400000​# swagger-ui custom path. Run ok.# http://localhost:8088/swagger-ui/index.htmlspringdoc.swagger-ui.path=/swagger-ui.htmlspringdoc.packagesToScan=com.example.controller, com.example.controllers​

config

package com.example.security;

import com.example.security.jwt.AuthEntryPointJwt;
import com.example.security.jwt.AuthTokenFilter;
import com.example.security.services.UserDetailsServiceImpl;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import org.springframework.security.web.server.SecurityWebFilterChain;

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(
        // securedEnabled = true,
        // jsr250Enabled = true,
        prePostEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    UserDetailsServiceImpl userDetailsService;

    @Autowired
    private AuthEntryPointJwt unauthorizedHandler;

    @Bean
    public AuthTokenFilter authenticationJwtTokenFilter() {
        return new AuthTokenFilter();
    }

    @Override
    public void configure(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
        authenticationManagerBuilder.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
    }

    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }


    // Nếu id gửi lên != id của tenant của user đó trong database, thì không cho đi tiếp.
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.cors().and().csrf().disable()
                .exceptionHandling().authenticationEntryPoint(unauthorizedHandler).and()
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
                .authorizeRequests().antMatchers("/api/auth/**", "/swagger-ui/**").permitAll()

                .antMatchers("/api/test/**").permitAll()
                .anyRequest().authenticated();
        http.addFilterBefore(authenticationJwtTokenFilter(), UsernamePasswordAuthenticationFilter.class);
        //;

       // .addFilterAfter(new CustomFilter(), BasicAuthenticationFilter.class); // VyDN 2022_07_22 // https://www.baeldung.com/spring-security-custom-filter
    }

}

// Add filter before, after: https://stackoverflow.com/a/59000469

JavaScript
 
package com.example.security;​import com.example.security.jwt.AuthEntryPointJwt;import com.example.security.jwt.AuthTokenFilter;import com.example.security.services.UserDetailsServiceImpl;import org.springframework.beans.factory.annotation.Autowired;import org.springframework.context.annotation.Bean;import org.springframework.context.annotation.Configuration;import org.springframework.security.authentication.AuthenticationManager;import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;import org.springframework.security.config.annotation.web.builders.HttpSecurity;import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;import org.springframework.security.config.http.SessionCreationPolicy;import org.springframework.security.config.web.server.ServerHttpSecurity;import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;import org.springframework.security.crypto.password.PasswordEncoder;import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;import org.springframework.security.web.server.SecurityWebFilterChain;​@Configuration@EnableWebSecurity@EnableGlobalMethodSecurity(        // securedEnabled = true,        // jsr250Enabled = true,        prePostEnabled = true)public class WebSecurityConfig extends WebSecurityConfigurerAdapter {​    @Autowired    UserDetailsServiceImpl userDetailsService;​    @Autowired    private AuthEntryPointJwt unauthorizedHandler;​    @Bean    public AuthTokenFilter authenticationJwtTokenFilter() {        return new AuthTokenFilter();    }​    @Override    public void configure(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {        authenticationManagerBuilder.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());    }​    @Bean    @Override    public AuthenticationManager authenticationManagerBean() throws Exception {        return super.authenticationManagerBean();    }​    @Bean    public PasswordEncoder passwordEncoder() {        return new BCryptPasswordEncoder();    }​​    // Nếu id gửi lên != id của tenant của user đó trong database, thì không cho đi tiếp.    @Override    protected void configure(HttpSecurity http) throws Exception {        http.cors().and().csrf().disable()                .exceptionHandling().authenticationEntryPoint(unauthorizedHandler).and()                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()                .authorizeRequests().antMatchers("/api/auth/**", "/swagger-ui/**").permitAll()​                .antMatchers("/api/test/**").permitAll()                .anyRequest().authenticated();        http.addFilterBefore(authenticationJwtTokenFilter(), UsernamePasswordAuthenticationFilter.class);        //;​       // .addFilterAfter(new CustomFilter(), BasicAuthenticationFilter.class); // VyDN 2022_07_22 // https://www.baeldung.com/spring-security-custom-filter    }​}​// Add filter before, after: https://stackoverflow.com/a/59000469​​

log

"C:Program FilesJavajdk-18.0.1.1binjava.exe" -agentlib:jdwp=transport=dt_socket,address=127.0.0.1:60285,suspend=y,server=n -XX:TieredStopAtLevel=1 -noverify -Dspring.output.ansi.enabled=always -Dcom.sun.management.jmxremote -Dspring.jmx.enabled=true -Dspring.liveBeansView.mbeanDomain -Dspring.application.admin.enabled=true -javaagent:C:UsersdonhuAppDataLocalJetBrainsIntelliJIdea2022.1captureAgentdebugger-agent.jar -Dfile.encoding=UTF-8 -classpath "D:githubspring-jwttargetclasses;C:Usersdonhu.m2repositoryorgspringframeworkbootspring-boot-starter-data-jpa2.7.1spring-boot-starter-data-jpa-2.7.1.jar;C:Usersdonhu.m2repositoryorgspringframeworkbootspring-boot-starter-aop2.7.1spring-boot-starter-aop-2.7.1.jar;C:Usersdonhu.m2repositoryorgaspectjaspectjweaver1.9.7aspectjweaver-1.9.7.jar;C:Usersdonhu.m2repositoryorgspringframeworkbootspring-boot-starter-jdbc2.7.1spring-boot-starter-jdbc-2.7.1.jar;C:Usersdonhu.m2repositorycomzaxxerHikariCP4.0.3HikariCP-4.0.3.jar;C:Usersdonhu.m2repositoryorgspringframeworkspring-jdbc5.3.21spring-jdbc-5.3.21.jar;C:Usersdonhu.m2repositoryjakartatransactionjakarta.transaction-api1.3.3jakarta.transaction-api-1.3.3.jar;C:Usersdonhu.m2repositoryjakartapersistencejakarta.persistence-api2.2.3jakarta.persistence-api-2.2.3.jar;C:Usersdonhu.m2repositoryorghibernatehibernate-core5.6.9.Finalhibernate-core-5.6.9.Final.jar;C:Usersdonhu.m2repositoryorgjbossloggingjboss-logging3.4.3.Finaljboss-logging-3.4.3.Final.jar;C:Usersdonhu.m2repositorynetbytebuddybyte-buddy1.12.11byte-buddy-1.12.11.jar;C:Usersdonhu.m2repositoryantlrantlr2.7.7antlr-2.7.7.jar;C:Usersdonhu.m2repositoryorgjbossjandex2.4.2.Finaljandex-2.4.2.Final.jar;C:Usersdonhu.m2repositorycomfasterxmlclassmate1.5.1classmate-1.5.1.jar;C:Usersdonhu.m2repositoryorghibernatecommonhibernate-commons-annotations5.1.2.Finalhibernate-commons-annotations-5.1.2.Final.jar;C:Usersdonhu.m2repositoryorgglassfishjaxbjaxb-runtime2.3.6jaxb-runtime-2.3.6.jar;C:Usersdonhu.m2repositoryorgglassfishjaxbtxw22.3.6txw2-2.3.6.jar;C:Usersdonhu.m2repositorycomsunistackistack-commons-runtime3.0.12istack-commons-runtime-3.0.12.jar;C:Usersdonhu.m2repositorycomsunactivationjakarta.activation1.2.2jakarta.activation-1.2.2.jar;C:Usersdonhu.m2repositoryorgspringframeworkdataspring-data-jpa2.7.1spring-data-jpa-2.7.1.jar;C:Usersdonhu.m2repositoryorgspringframeworkdataspring-data-commons2.7.1spring-data-commons-2.7.1.jar;C:Usersdonhu.m2repositoryorgspringframeworkspring-orm5.3.21spring-orm-5.3.21.jar;C:Usersdonhu.m2repositoryorgspringframeworkspring-context5.3.21spring-context-5.3.21.jar;C:Usersdonhu.m2repositoryorgspringframeworkspring-tx5.3.21spring-tx-5.3.21.jar;C:Usersdonhu.m2repositoryorgspringframeworkspring-beans5.3.21spring-beans-5.3.21.jar;C:Usersdonhu.m2repositoryorgslf4jslf4j-api1.7.36slf4j-api-1.7.36.jar;C:Usersdonhu.m2repositoryorgspringframeworkspring-aspects5.3.21spring-aspects-5.3.21.jar;C:Usersdonhu.m2repositoryorgspringframeworkbootspring-boot-starter-security2.7.1spring-boot-starter-security-2.7.1.jar;C:Usersdonhu.m2repositoryorgspringframeworkbootspring-boot-starter2.7.1spring-boot-starter-2.7.1.jar;C:Usersdonhu.m2repositoryorgspringframeworkbootspring-boot2.7.1spring-boot-2.7.1.jar;C:Usersdonhu.m2repositoryorgspringframeworkbootspring-boot-autoconfigure2.7.1spring-boot-autoconfigure-2.7.1.jar;C:Usersdonhu.m2repositoryorgspringframeworkbootspring-boot-starter-logging2.7.1spring-boot-starter-logging-2.7.1.jar;C:Usersdonhu.m2repositorychqoslogbacklogback-classic1.2.11logback-classic-1.2.11.jar;C:Usersdonhu.m2repositorychqoslogbacklogback-core1.2.11logback-core-1.2.11.jar;C:Usersdonhu.m2repositoryorgapachelogginglog4jlog4j-to-slf4j2.17.2log4j-to-slf4j-2.17.2.jar;C:Usersdonhu.m2repositoryorgapachelogginglog4jlog4j-api2.17.2log4j-api-2.17.2.jar;C:Usersdonhu.m2repositoryorgslf4jjul-to-slf4j1.7.36jul-to-slf4j-1.7.36.jar;C:Usersdonhu.m2repositoryjakartaannotationjakarta.annotation-api1.3.5jakarta.annotation-api-1.3.5.jar;C:Usersdonhu.m2repositoryorgyamlsnakeyaml1.30snakeyaml-1.30.jar;C:Usersdonhu.m2repositoryorgspringframeworkspring-aop5.3.21spring-aop-5.3.21.jar;C:Usersdonhu.m2repositoryorgspringframeworksecurityspring-security-config5.7.2spring-security-config-5.7.2.jar;C:Usersdonhu.m2repositoryorgspringframeworksecurityspring-security-web5.7.2spring-security-web-5.7.2.jar;C:Usersdonhu.m2repositoryorgspringframeworkspring-expression5.3.21spring-expression-5.3.21.jar;C:Usersdonhu.m2repositoryorgspringframeworkbootspring-boot-starter-validation2.7.1spring-boot-starter-validation-2.7.1.jar;C:Usersdonhu.m2repositoryorgapachetomcatembedtomcat-embed-el9.0.64tomcat-embed-el-9.0.64.jar;C:Usersdonhu.m2repositoryorghibernatevalidatorhibernate-validator6.2.3.Finalhibernate-validator-6.2.3.Final.jar;C:Usersdonhu.m2repositoryjakartavalidationjakarta.validation-api2.0.2jakarta.validation-api-2.0.2.jar;C:Usersdonhu.m2repositoryorgspringframeworkbootspring-boot-starter-web2.7.1spring-boot-starter-web-2.7.1.jar;C:Usersdonhu.m2repositoryorgspringframeworkbootspring-boot-starter-json2.7.1spring-boot-starter-json-2.7.1.jar;C:Usersdonhu.m2repositorycomfasterxmljacksondatatypejackson-datatype-jdk82.13.3jackson-datatype-jdk8-2.13.3.jar;C:Usersdonhu.m2repositorycomfasterxmljacksondatatypejackson-datatype-jsr3102.13.3jackson-datatype-jsr310-2.13.3.jar;C:Usersdonhu.m2repositorycomfasterxmljacksonmodulejackson-module-parameter-names2.13.3jackson-module-parameter-names-2.13.3.jar;C:Usersdonhu.m2repositoryorgspringframeworkbootspring-boot-starter-tomcat2.7.1spring-boot-starter-tomcat-2.7.1.jar;C:Usersdonhu.m2repositoryorgapachetomcatembedtomcat-embed-core9.0.64tomcat-embed-core-9.0.64.jar;C:Usersdonhu.m2repositoryorgapachetomcatembedtomcat-embed-websocket9.0.64tomcat-embed-websocket-9.0.64.jar;C:Usersdonhu.m2repositoryorgspringframeworkspring-web5.3.21spring-web-5.3.21.jar;C:Usersdonhu.m2repositoryorgspringframeworkspring-webmvc5.3.21spring-webmvc-5.3.21.jar;C:Usersdonhu.m2repositoryiojsonwebtokenjjwt-api.11.5jjwt-api-0.11.5.jar;C:Usersdonhu.m2repositoryiojsonwebtokenjjwt-impl.11.5jjwt-impl-0.11.5.jar;C:Usersdonhu.m2repositoryiojsonwebtokenjjwt-jackson.11.5jjwt-jackson-0.11.5.jar;C:Usersdonhu.m2repositorycomfasterxmljacksoncorejackson-databind2.13.3jackson-databind-2.13.3.jar;C:Usersdonhu.m2repositorycomfasterxmljacksoncorejackson-annotations2.13.3jackson-annotations-2.13.3.jar;C:Usersdonhu.m2repositoryjakartaxmlbindjakarta.xml.bind-api4.0.0jakarta.xml.bind-api-4.0.0.jar;C:Usersdonhu.m2repositoryjakartaactivationjakarta.activation-api1.2.2jakarta.activation-api-1.2.2.jar;C:Usersdonhu.m2repositoryjavaxxmlbindjaxb-api2.3.1jaxb-api-2.3.1.jar;C:Usersdonhu.m2repositoryjavaxactivationjavax.activation-api1.2.0javax.activation-api-1.2.0.jar;C:Usersdonhu.m2repositorycomfasterxmljacksondatatypejackson-datatype-hibernate52.13.3jackson-datatype-hibernate5-2.13.3.jar;C:Usersdonhu.m2repositoryjavaxtransactionjavax.transaction-api1.3javax.transaction-api-1.3.jar;C:Usersdonhu.m2repositorycomfasterxmljacksoncorejackson-core2.13.3jackson-core-2.13.3.jar;C:Usersdonhu.m2repositoryorgpostgresqlpostgresql42.3.6postgresql-42.3.6.jar;C:Usersdonhu.m2repositoryorgcheckerframeworkchecker-qual3.5.0checker-qual-3.5.0.jar;C:Usersdonhu.m2repositoryorgspringdocspringdoc-openapi-ui1.6.9springdoc-openapi-ui-1.6.9.jar;C:Usersdonhu.m2repositoryorgspringdocspringdoc-openapi-webmvc-core1.6.9springdoc-openapi-webmvc-core-1.6.9.jar;C:Usersdonhu.m2repositoryorgwebjarsswagger-ui4.11.1swagger-ui-4.11.1.jar;C:Usersdonhu.m2repositoryorgwebjarswebjars-locator-core.50webjars-locator-core-0.50.jar;C:Usersdonhu.m2repositoryiogithubclassgraphclassgraph4.8.147classgraph-4.8.147.jar;C:Usersdonhu.m2repositoryorgspringdocspringdoc-openapi-security1.6.9springdoc-openapi-security-1.6.9.jar;C:Usersdonhu.m2repositoryorgspringdocspringdoc-openapi-common1.6.9springdoc-openapi-common-1.6.9.jar;C:Usersdonhu.m2repositoryioswaggercorev3swagger-core2.2.0swagger-core-2.2.0.jar;C:Usersdonhu.m2repositoryorgapachecommonscommons-lang33.12.0commons-lang3-3.12.0.jar;C:Usersdonhu.m2repositorycomfasterxmljacksondataformatjackson-dataformat-yaml2.13.3jackson-dataformat-yaml-2.13.3.jar;C:Usersdonhu.m2repositoryioswaggercorev3swagger-annotations2.2.0swagger-annotations-2.2.0.jar;C:Usersdonhu.m2repositoryioswaggercorev3swagger-models2.2.0swagger-models-2.2.0.jar;C:Usersdonhu.m2repositoryorgspringframeworksecurityspring-security-core5.7.2spring-security-core-5.7.2.jar;C:Usersdonhu.m2repositoryorgspringframeworksecurityspring-security-crypto5.7.2spring-security-crypto-5.7.2.jar;C:Usersdonhu.m2repositoryorgspringframeworkspring-core5.3.21spring-core-5.3.21.jar;C:Usersdonhu.m2repositoryorgspringframeworkspring-jcl5.3.21spring-jcl-5.3.21.jar;D:Program FilesJetBrainsIntelliJ IDEA 2022.1.2libidea_rt.jar" com.example.SpringApplication
Java HotSpot(TM) 64-Bit Server VM warning: Options -Xverify:none and -noverify were deprecated in JDK 13 and will likely be removed in a future release.
Connected to the target VM, address: '127.0.0.1:60285', transport: 'socket'

  .   ____          _            __ _ _
 /\ / ___'_ __ _ _(_)_ __  __ _    
( ( )___ | '_ | '_| | '_ / _` |    
 \/  ___)| |_)| | | | | || (_| |  ) ) ) )
  '  |____| .__|_| |_|_| |___, | / / / /
 =========|_|==============|___/=/_/_/_/
 :: Spring Boot ::                (v2.7.1)

2022-07-21 21:40:02.090  INFO 16836 --- [           main] com.example.SpringApplication            : Starting SpringApplication using Java 18.0.1.1 on vypc with PID 16836 (D:githubspring-jwttargetclasses started by donhu in D:githubspring-jwt)
2022-07-21 21:40:02.092  INFO 16836 --- [           main] com.example.SpringApplication            : No active profile set, falling back to 1 default profile: "default"
2022-07-21 21:40:02.679  INFO 16836 --- [           main] .s.d.r.c.RepositoryConfigurationDelegate : Bootstrapping Spring Data JPA repositories in DEFAULT mode.
2022-07-21 21:40:02.730  INFO 16836 --- [           main] .s.d.r.c.RepositoryConfigurationDelegate : Finished Spring Data repository scanning in 46 ms. Found 3 JPA repository interfaces.
2022-07-21 21:40:03.058  INFO 16836 --- [           main] o.s.b.w.embedded.tomcat.TomcatWebServer  : Tomcat initialized with port(s): 8088 (http)
2022-07-21 21:40:03.064  INFO 16836 --- [           main] o.apache.catalina.core.StandardService   : Starting service [Tomcat]
2022-07-21 21:40:03.064  INFO 16836 --- [           main] org.apache.catalina.core.StandardEngine  : Starting Servlet engine: [Apache Tomcat/9.0.64]
2022-07-21 21:40:03.147  INFO 16836 --- [           main] o.a.c.c.C.[Tomcat].[localhost].[/]       : Initializing Spring embedded WebApplicationContext
2022-07-21 21:40:03.147  INFO 16836 --- [           main] w.s.c.ServletWebServerApplicationContext : Root WebApplicationContext: initialization completed in 1028 ms
2022-07-21 21:40:03.247  WARN 16836 --- [           main] JpaBaseConfiguration$JpaWebConfiguration : spring.jpa.open-in-view is enabled by default. Therefore, database queries may be performed during view rendering. Explicitly configure spring.jpa.open-in-view to disable this warning
2022-07-21 21:40:03.313  INFO 16836 --- [           main] o.hibernate.jpa.internal.util.LogHelper  : HHH000204: Processing PersistenceUnitInfo [name: default]
2022-07-21 21:40:03.341  INFO 16836 --- [           main] org.hibernate.Version                    : HHH000412: Hibernate ORM core version 5.6.9.Final
2022-07-21 21:40:03.424  INFO 16836 --- [           main] o.hibernate.annotations.common.Version   : HCANN000001: Hibernate Commons Annotations {5.1.2.Final}
2022-07-21 21:40:03.515  INFO 16836 --- [           main] com.zaxxer.hikari.HikariDataSource       : HikariPool-1 - Starting...
2022-07-21 21:40:03.580  INFO 16836 --- [           main] com.zaxxer.hikari.HikariDataSource       : HikariPool-1 - Start completed.
2022-07-21 21:40:03.592  INFO 16836 --- [           main] org.hibernate.dialect.Dialect            : HHH000400: Using dialect: org.hibernate.dialect.PostgreSQLDialect
2022-07-21 21:40:07.485  INFO 16836 --- [           main] o.h.e.t.j.p.i.JtaPlatformInitiator       : HHH000490: Using JtaPlatform implementation: [org.hibernate.engine.transaction.jta.platform.internal.NoJtaPlatform]
2022-07-21 21:40:07.492  INFO 16836 --- [           main] j.LocalContainerEntityManagerFactoryBean : Initialized JPA EntityManagerFactory for persistence unit 'default'
2022-07-21 21:40:08.165  INFO 16836 --- [           main] o.s.s.web.DefaultSecurityFilterChain     : Will secure any request with [org.springframework.security.web.session.DisableEncodeUrlFilter@72ad1402, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@621ae2e7, org.springframework.security.web.context.SecurityContextPersistenceFilter@3cef755e, org.springframework.security.web.header.HeaderWriterFilter@21275d4a, org.springframework.web.filter.CorsFilter@683eef1e, org.springframework.security.web.authentication.logout.LogoutFilter@16e578fc, com.example.security.jwt.AuthTokenFilter@3346245e, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@7a1768bd, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@65e62ae8, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@525284af, org.springframework.security.web.session.SessionManagementFilter@70cbce67, org.springframework.security.web.access.ExceptionTranslationFilter@1addcf78, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@3c87f534]
2022-07-21 21:40:08.371  INFO 16836 --- [           main] o.s.b.w.embedded.tomcat.TomcatWebServer  : Tomcat started on port(s): 8088 (http) with context path ''
2022-07-21 21:40:08.380  INFO 16836 --- [           main] com.example.SpringApplication            : Started SpringApplication in 6.518 seconds (JVM running for 7.082)
2022-07-21 21:40:09.834  INFO 16836 --- [nio-8088-exec-1] o.a.c.c.C.[Tomcat].[localhost].[/]       : Initializing Spring DispatcherServlet 'dispatcherServlet'
2022-07-21 21:40:09.834  INFO 16836 --- [nio-8088-exec-1] o.s.web.servlet.DispatcherServlet        : Initializing Servlet 'dispatcherServlet'
2022-07-21 21:40:09.835  INFO 16836 --- [nio-8088-exec-1] o.s.web.servlet.DispatcherServlet        : Completed initialization in 1 ms
2022-07-21 21:40:10.000 ERROR 16836 --- [nio-8088-exec-7] c.e.security.jwt.AuthEntryPointJwt       : Unauthorized error: Full authentication is required to access this resource

JavaScript
 
"C:Program FilesJavajdk-18.0.1.1binjava.exe" -agentlib:jdwp=transport=dt_socket,address=127.0.0.1:60285,suspend=y,server=n -XX:TieredStopAtLevel=1 -noverify -Dspring.output.ansi.enabled=always -Dcom.sun.management.jmxremote -Dspring.jmx.enabled=true -Dspring.liveBeansView.mbeanDomain -Dspring.application.admin.enabled=true -javaagent:C:UsersdonhuAppDataLocalJetBrainsIntelliJIdea2022.1captureAgentdebugger-agent.jar -Dfile.encoding=UTF-8 -classpath "D:githubspring-jwttargetclasses;C:Usersdonhu.m2repositoryorgspringframeworkbootspring-boot-starter-data-jpa2.7.1spring-boot-starter-data-jpa-2.7.1.jar;C:Usersdonhu.m2repositoryorgspringframeworkbootspring-boot-starter-aop2.7.1spring-boot-starter-aop-2.7.1.jar;C:Usersdonhu.m2repositoryorgaspectjaspectjweaver1.9.7aspectjweaver-1.9.7.jar;C:Usersdonhu.m2repositoryorgspringframeworkbootspring-boot-starter-jdbc2.7.1spring-boot-starter-jdbc-2.7.1.jar;C:Usersdonhu.m2repositorycomzaxxerHikariCP4.0.3HikariCP-4.0.3.jar;C:Usersdonhu.m2repositoryorgspringframeworkspring-jdbc5.3.21spring-jdbc-5.3.21.jar;C:Usersdonhu.m2repositoryjakartatransactionjakarta.transaction-api1.3.3jakarta.transaction-api-1.3.3.jar;C:Usersdonhu.m2repositoryjakartapersistencejakarta.persistence-api2.2.3jakarta.persistence-api-2.2.3.jar;C:Usersdonhu.m2repositoryorghibernatehibernate-core5.6.9.Finalhibernate-core-5.6.9.Final.jar;C:Usersdonhu.m2repositoryorgjbossloggingjboss-logging3.4.3.Finaljboss-logging-3.4.3.Final.jar;C:Usersdonhu.m2repositorynetbytebuddybyte-buddy1.12.11byte-buddy-1.12.11.jar;C:Usersdonhu.m2repositoryantlrantlr2.7.7antlr-2.7.7.jar;C:Usersdonhu.m2repositoryorgjbossjandex2.4.2.Finaljandex-2.4.2.Final.jar;C:Usersdonhu.m2repositorycomfasterxmlclassmate1.5.1classmate-1.5.1.jar;C:Usersdonhu.m2repositoryorghibernatecommonhibernate-commons-annotations5.1.2.Finalhibernate-commons-annotations-5.1.2.Final.jar;C:Usersdonhu.m2repositoryorgglassfishjaxbjaxb-runtime2.3.6jaxb-runtime-2.3.6.jar;C:Usersdonhu.m2repositoryorgglassfishjaxbtxw22.3.6txw2-2.3.6.jar;C:Usersdonhu.m2repositorycomsunistackistack-commons-runtime3.0.12istack-commons-runtime-3.0.12.jar;C:Usersdonhu.m2repositorycomsunactivationjakarta.activation1.2.2jakarta.activation-1.2.2.jar;C:Usersdonhu.m2repositoryorgspringframeworkdataspring-data-jpa2.7.1spring-data-jpa-2.7.1.jar;C:Usersdonhu.m2repositoryorgspringframeworkdataspring-data-commons2.7.1spring-data-commons-2.7.1.jar;C:Usersdonhu.m2repositoryorgspringframeworkspring-orm5.3.21spring-orm-5.3.21.jar;C:Usersdonhu.m2repositoryorgspringframeworkspring-context5.3.21spring-context-5.3.21.jar;C:Usersdonhu.m2repositoryorgspringframeworkspring-tx5.3.21spring-tx-5.3.21.jar;C:Usersdonhu.m2repositoryorgspringframeworkspring-beans5.3.21spring-beans-5.3.21.jar;C:Usersdonhu.m2repositoryorgslf4jslf4j-api1.7.36slf4j-api-1.7.36.jar;C:Usersdonhu.m2repositoryorgspringframeworkspring-aspects5.3.21spring-aspects-5.3.21.jar;C:Usersdonhu.m2repositoryorgspringframeworkbootspring-boot-starter-security2.7.1spring-boot-starter-security-2.7.1.jar;C:Usersdonhu.m2repositoryorgspringframeworkbootspring-boot-starter2.7.1spring-boot-starter-2.7.1.jar;C:Usersdonhu.m2repositoryorgspringframeworkbootspring-boot2.7.1spring-boot-2.7.1.jar;C:Usersdonhu.m2repositoryorgspringframeworkbootspring-boot-autoconfigure2.7.1spring-boot-autoconfigure-2.7.1.jar;C:Usersdonhu.m2repositoryorgspringframeworkbootspring-boot-starter-logging2.7.1spring-boot-starter-logging-2.7.1.jar;C:Usersdonhu.m2repositorychqoslogbacklogback-classic1.2.11logback-classic-1.2.11.jar;C:Usersdonhu.m2repositorychqoslogbacklogback-core1.2.11logback-core-1.2.11.jar;C:Usersdonhu.m2repositoryorgapachelogginglog4jlog4j-to-slf4j2.17.2log4j-to-slf4j-2.17.2.jar;C:Usersdonhu.m2repositoryorgapachelogginglog4jlog4j-api2.17.2log4j-api-2.17.2.jar;C:Usersdonhu.m2repositoryorgslf4jjul-to-slf4j1.7.36jul-to-slf4j-1.7.36.jar;C:Usersdonhu.m2repositoryjakartaannotationjakarta.annotation-api1.3.5jakarta.annotation-api-1.3.5.jar;C:Usersdonhu.m2repositoryorgyamlsnakeyaml1.30snakeyaml-1.30.jar;C:Usersdonhu.m2repositoryorgspringframeworkspring-aop5.3.21spring-aop-5.3.21.jar;C:Usersdonhu.m2repositoryorgspringframeworksecurityspring-security-config5.7.2spring-security-config-5.7.2.jar;C:Usersdonhu.m2repositoryorgspringframeworksecurityspring-security-web5.7.2spring-security-web-5.7.2.jar;C:Usersdonhu.m2repositoryorgspringframeworkspring-expression5.3.21spring-expression-5.3.21.jar;C:Usersdonhu.m2repositoryorgspringframeworkbootspring-boot-starter-validation2.7.1spring-boot-starter-validation-2.7.1.jar;C:Usersdonhu.m2repositoryorgapachetomcatembedtomcat-embed-el9.0.64tomcat-embed-el-9.0.64.jar;C:Usersdonhu.m2repositoryorghibernatevalidatorhibernate-validator6.2.3.Finalhibernate-validator-6.2.3.Final.jar;C:Usersdonhu.m2repositoryjakartavalidationjakarta.validation-api2.0.2jakarta.validation-api-2.0.2.jar;C:Usersdonhu.m2repositoryorgspringframeworkbootspring-boot-starter-web2.7.1spring-boot-starter-web-2.7.1.jar;C:Usersdonhu.m2repositoryorgspringframeworkbootspring-boot-starter-json2.7.1spring-boot-starter-json-2.7.1.jar;C:Usersdonhu.m2repositorycomfasterxmljacksondatatypejackson-datatype-jdk82.13.3jackson-datatype-jdk8-2.13.3.jar;C:Usersdonhu.m2repositorycomfasterxmljacksondatatypejackson-datatype-jsr3102.13.3jackson-datatype-jsr310-2.13.3.jar;C:Usersdonhu.m2repositorycomfasterxmljacksonmodulejackson-module-parameter-names2.13.3jackson-module-parameter-names-2.13.3.jar;C:Usersdonhu.m2repositoryorgspringframeworkbootspring-boot-starter-tomcat2.7.1spring-boot-starter-tomcat-2.7.1.jar;C:Usersdonhu.m2repositoryorgapachetomcatembedtomcat-embed-core9.0.64tomcat-embed-core-9.0.64.jar;C:Usersdonhu.m2repositoryorgapachetomcatembedtomcat-embed-websocket9.0.64tomcat-embed-websocket-9.0.64.jar;C:Usersdonhu.m2repositoryorgspringframeworkspring-web5.3.21spring-web-5.3.21.jar;C:Usersdonhu.m2repositoryorgspringframeworkspring-webmvc5.3.21spring-webmvc-5.3.21.jar;C:Usersdonhu.m2repositoryiojsonwebtokenjjwt-api.11.5jjwt-api-0.11.5.jar;C:Usersdonhu.m2repositoryiojsonwebtokenjjwt-impl.11.5jjwt-impl-0.11.5.jar;C:Usersdonhu.m2repositoryiojsonwebtokenjjwt-jackson.11.5jjwt-jackson-0.11.5.jar;C:Usersdonhu.m2repositorycomfasterxmljacksoncorejackson-databind2.13.3jackson-databind-2.13.3.jar;C:Usersdonhu.m2repositorycomfasterxmljacksoncorejackson-annotations2.13.3jackson-annotations-2.13.3.jar;C:Usersdonhu.m2repositoryjakartaxmlbindjakarta.xml.bind-api4.0.0jakarta.xml.bind-api-4.0.0.jar;C:Usersdonhu.m2repositoryjakartaactivationjakarta.activation-api1.2.2jakarta.activation-api-1.2.2.jar;C:Usersdonhu.m2repositoryjavaxxmlbindjaxb-api2.3.1jaxb-api-2.3.1.jar;C:Usersdonhu.m2repositoryjavaxactivationjavax.activation-api1.2.0javax.activation-api-1.2.0.jar;C:Usersdonhu.m2repositorycomfasterxmljacksondatatypejackson-datatype-hibernate52.13.3jackson-datatype-hibernate5-2.13.3.jar;C:Usersdonhu.m2repositoryjavaxtransactionjavax.transaction-api1.3javax.transaction-api-1.3.jar;C:Usersdonhu.m2repositorycomfasterxmljacksoncorejackson-core2.13.3jackson-core-2.13.3.jar;C:Usersdonhu.m2repositoryorgpostgresqlpostgresql42.3.6postgresql-42.3.6.jar;C:Usersdonhu.m2repositoryorgcheckerframeworkchecker-qual3.5.0checker-qual-3.5.0.jar;C:Usersdonhu.m2repositoryorgspringdocspringdoc-openapi-ui1.6.9springdoc-openapi-ui-1.6.9.jar;C:Usersdonhu.m2repositoryorgspringdocspringdoc-openapi-webmvc-core1.6.9springdoc-openapi-webmvc-core-1.6.9.jar;C:Usersdonhu.m2repositoryorgwebjarsswagger-ui4.11.1swagger-ui-4.11.1.jar;C:Usersdonhu.m2repositoryorgwebjarswebjars-locator-core.50webjars-locator-core-0.50.jar;C:Usersdonhu.m2repositoryiogithubclassgraphclassgraph4.8.147classgraph-4.8.147.jar;C:Usersdonhu.m2repositoryorgspringdocspringdoc-openapi-security1.6.9springdoc-openapi-security-1.6.9.jar;C:Usersdonhu.m2repositoryorgspringdocspringdoc-openapi-common1.6.9springdoc-openapi-common-1.6.9.jar;C:Usersdonhu.m2repositoryioswaggercorev3swagger-core2.2.0swagger-core-2.2.0.jar;C:Usersdonhu.m2repositoryorgapachecommonscommons-lang33.12.0commons-lang3-3.12.0.jar;C:Usersdonhu.m2repositorycomfasterxmljacksondataformatjackson-dataformat-yaml2.13.3jackson-dataformat-yaml-2.13.3.jar;C:Usersdonhu.m2repositoryioswaggercorev3swagger-annotations2.2.0swagger-annotations-2.2.0.jar;C:Usersdonhu.m2repositoryioswaggercorev3swagger-models2.2.0swagger-models-2.2.0.jar;C:Usersdonhu.m2repositoryorgspringframeworksecurityspring-security-core5.7.2spring-security-core-5.7.2.jar;C:Usersdonhu.m2repositoryorgspringframeworksecurityspring-security-crypto5.7.2spring-security-crypto-5.7.2.jar;C:Usersdonhu.m2repositoryorgspringframeworkspring-core5.3.21spring-core-5.3.21.jar;C:Usersdonhu.m2repositoryorgspringframeworkspring-jcl5.3.21spring-jcl-5.3.21.jar;D:Program FilesJetBrainsIntelliJ IDEA 2022.1.2libidea_rt.jar" com.example.SpringApplicationJava HotSpot(TM) 64-Bit Server VM warning: Options -Xverify:none and -noverify were deprecated in JDK 13 and will likely be removed in a future release.Connected to the target VM, address: '127.0.0.1:60285', transport: 'socket'​  .   ____          _            __ _ _ /\ / ___'_ __ _ _(_)_ __  __ _    ( ( )___ | '_ | '_| | '_ / _` |     \/  ___)| |_)| | | | | || (_| |  ) ) ) )  '  |____| .__|_| |_|_| |___, | / / / / =========|_|==============|___/=/_/_/_/ :: Spring Boot ::                (v2.7.1)​2022-07-21 21:40:02.090  INFO 16836 --- [           main] com.example.SpringApplication            : Starting SpringApplication using Java 18.0.1.1 on vypc with PID 16836 (D:githubspring-jwttargetclasses started by donhu in D:githubspring-jwt)2022-07-21 21:40:02.092  INFO 16836 --- [           main] com.example.SpringApplication            : No active profile set, falling back to 1 default profile: "default"2022-07-21 21:40:02.679  INFO 16836 --- [           main] .s.d.r.c.RepositoryConfigurationDelegate : Bootstrapping Spring Data JPA repositories in DEFAULT mode.2022-07-21 21:40:02.730  INFO 16836 --- [           main] .s.d.r.c.RepositoryConfigurationDelegate : Finished Spring Data repository scanning in 46 ms. Found 3 JPA repository interfaces.2022-07-21 21:40:03.058  INFO 16836 --- [           main] o.s.b.w.embedded.tomcat.TomcatWebServer  : Tomcat initialized with port(s): 8088 (http)2022-07-21 21:40:03.064  INFO 16836 --- [           main] o.apache.catalina.core.StandardService   : Starting service [Tomcat]2022-07-21 21:40:03.064  INFO 16836 --- [           main] org.apache.catalina.core.StandardEngine  : Starting Servlet engine: [Apache Tomcat/9.0.64]2022-07-21 21:40:03.147  INFO 16836 --- [           main] o.a.c.c.C.[Tomcat].[localhost].[/]       : Initializing Spring embedded WebApplicationContext2022-07-21 21:40:03.147  INFO 16836 --- [           main] w.s.c.ServletWebServerApplicationContext : Root WebApplicationContext: initialization completed in 1028 ms2022-07-21 21:40:03.247  WARN 16836 --- [           main] JpaBaseConfiguration$JpaWebConfiguration : spring.jpa.open-in-view is enabled by default. Therefore, database queries may be performed during view rendering. Explicitly configure spring.jpa.open-in-view to disable this warning2022-07-21 21:40:03.313  INFO 16836 --- [           main] o.hibernate.jpa.internal.util.LogHelper  : HHH000204: Processing PersistenceUnitInfo [name: default]2022-07-21 21:40:03.341  INFO 16836 --- [           main] org.hibernate.Version                    : HHH000412: Hibernate ORM core version 5.6.9.Final2022-07-21 21:40:03.424  INFO 16836 --- [           main] o.hibernate.annotations.common.Version   : HCANN000001: Hibernate Commons Annotations {5.1.2.Final}2022-07-21 21:40:03.515  INFO 16836 --- [           main] com.zaxxer.hikari.HikariDataSource       : HikariPool-1 - Starting...2022-07-21 21:40:03.580  INFO 16836 --- [           main] com.zaxxer.hikari.HikariDataSource       : HikariPool-1 - Start completed.2022-07-21 21:40:03.592  INFO 16836 --- [           main] org.hibernate.dialect.Dialect            : HHH000400: Using dialect: org.hibernate.dialect.PostgreSQLDialect2022-07-21 21:40:07.485  INFO 16836 --- [           main] o.h.e.t.j.p.i.JtaPlatformInitiator       : HHH000490: Using JtaPlatform implementation: [org.hibernate.engine.transaction.jta.platform.internal.NoJtaPlatform]2022-07-21 21:40:07.492  INFO 16836 --- [           main] j.LocalContainerEntityManagerFactoryBean : Initialized JPA EntityManagerFactory for persistence unit 'default'2022-07-21 21:40:08.165  INFO 16836 --- [           main] o.s.s.web.DefaultSecurityFilterChain     : Will secure any request with [org.springframework.security.web.session.DisableEncodeUrlFilter@72ad1402, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@621ae2e7, org.springframework.security.web.context.SecurityContextPersistenceFilter@3cef755e, org.springframework.security.web.header.HeaderWriterFilter@21275d4a, org.springframework.web.filter.CorsFilter@683eef1e, org.springframework.security.web.authentication.logout.LogoutFilter@16e578fc, com.example.security.jwt.AuthTokenFilter@3346245e, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@7a1768bd, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@65e62ae8, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@525284af, org.springframework.security.web.session.SessionManagementFilter@70cbce67, org.springframework.security.web.access.ExceptionTranslationFilter@1addcf78, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@3c87f534]2022-07-21 21:40:08.371  INFO 16836 --- [           main] o.s.b.w.embedded.tomcat.TomcatWebServer  : Tomcat started on port(s): 8088 (http) with context path ''2022-07-21 21:40:08.380  INFO 16836 --- [           main] com.example.SpringApplication            : Started SpringApplication in 6.518 seconds (JVM running for 7.082)2022-07-21 21:40:09.834  INFO 16836 --- [nio-8088-exec-1] o.a.c.c.C.[Tomcat].[localhost].[/]       : Initializing Spring DispatcherServlet 'dispatcherServlet'2022-07-21 21:40:09.834  INFO 16836 --- [nio-8088-exec-1] o.s.web.servlet.DispatcherServlet        : Initializing Servlet 'dispatcherServlet'2022-07-21 21:40:09.835  INFO 16836 --- [nio-8088-exec-1] o.s.web.servlet.DispatcherServlet        : Completed initialization in 1 ms2022-07-21 21:40:10.000 ERROR 16836 --- [nio-8088-exec-7] c.e.security.jwt.AuthEntryPointJwt       : Unauthorized error: Full authentication is required to access this resource​

Go to URL http://localhost:8088/swagger-ui/index.html

How to fix it?

Answer

Your configuration is mostly correct, your swagger page loads properly except that when it tries to retrieve the swagger config and api-docs via its ajax call it fails to do so because it’s under security’s control.

Look at your dev tools and watch the network traffic; you’ll probably see a couple of requests like this:

/v3/api-docs or /v3/api-docs/swagger-config

So, adding /v3/api-docs/** to your included permitAll() should do the trick.

.authorizeRequests().antMatchers("/api/auth/**", "/swagger-ui/**", "/v3/api-docs").permitAll()

JavaScript
 
.authorizeRequests().antMatchers("/api/auth/**", "/swagger-ui/**", "/v3/api-docs").permitAll()​

Advertisement

Answer